@@ -165,6 +165,33 @@ func GenerateSignedCert(ca *KeyPair, hostnames HostNames, commonName string) (*K
165165 return & keyPair , nil
166166}
167167
168+ // GenerateSignedCertFromFiles generates a new signed certificate signed by the input CA key/cert pair.
169+ func GenerateSignedCertFromFiles (caCertFile string , caKeyFile string ,
170+ hostnames HostNames , commonName string ,
171+ ) (* KeyPair , error ) {
172+ cert , err := tls .LoadX509KeyPair (caCertFile , caKeyFile )
173+ if err != nil {
174+ return nil , fmt .Errorf ("can't load certificate from `%s` because: %w" , caCertFile , err )
175+ }
176+
177+ // Get the certificate bytes (DER)
178+ certBytes := cert .Certificate [0 ]
179+
180+ // Get the private key bytes (for RSA)
181+ rsaKey , ok := cert .PrivateKey .(* rsa.PrivateKey )
182+ if ! ok {
183+ return nil , fmt .Errorf ("can't load private from `%s` because: %w" , caKeyFile , err )
184+ }
185+ keyBytes := x509 .MarshalPKCS1PrivateKey (rsaKey )
186+
187+ caKeyPair := & KeyPair {
188+ Certificate : pem .EncodeToMemory (& pem.Block {Type : "CERTIFICATE" , Bytes : certBytes }),
189+ PrivateKey : pem .EncodeToMemory (& pem.Block {Type : "RSA PRIVATE KEY" , Bytes : keyBytes }),
190+ }
191+
192+ return GenerateSignedCert (caKeyPair , hostnames , commonName )
193+ }
194+
168195// GenerateCRL will generate a blank Certificate revocation List from the provided issuer certificate.
169196func GenerateCRL (ca * KeyPair ) ([]byte , error ) {
170197 tlsKeyPair , err := tls .X509KeyPair (ca .Certificate , ca .PrivateKey )
0 commit comments